Using Trusted Certificates with IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices requires a certificate to manage iOS devices through Apple’s Push Notification Service (APNS). This APNS certificate allows the Management Extender to establish a secure, trusted channel of communication with the iOS devices. This setup is straightforward and is detailed here. Our MDM evaluators guide provides step-by-step instructions with screen captures. Contact me if you don’t have a copy.

If you’ve installed IEM to manage some devices, you’ll note that for iOS devices you have to install a self-signed certificate first. You can remove this requirement by installing a certificate from a well-known, trusted certificate authority such as Verisign, GoDaddy, Gotrust, etc.

The steps to install IEM with a trusted certificate are below. I want to acknowledge the great article by Orb Data, which provided me with some great info and explained certificates in PEM format.

Complete Step 1: Deploy the Management Extender Fixlet and Step 2: Obtain certificate to manage Apple iOS devices to install the Management Extender. Save the final APNS certificate as push.cer and place it in a directory on your IEM server, say D:\ManagementExtender\APNS\push.cer. This covers the certificate IEM uses to communicate with Apple’s APNS service.

Now for the certificate for device to IEM server communication, we need to create a certificate request that a certificate authority can process. I was using GoDaddy to define a certificate for the domain name mdm.darrylmiles.me. On a Mac, using OpenSSL, I would run this command:

    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
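
Before the CSR goes to the certificate authority it is worth checking that it is intact, names the right host, and matches the private key, which `-nodes` leaves unencrypted on disk. The script below is an added example, not part of the original post: the function names `make_csr` and `check_csr`, the file arguments and the `-subj` value (used so the request is non-interactive) are assumptions for illustration.

```sh
# Added example (not from the original post). Function names, the -subj
# value and the file paths passed in are assumptions for illustration.

# make_csr DOMAIN KEYFILE CSRFILE: the post's openssl call, made
# non-interactive with -subj.
make_csr() {
    # -nodes writes the private key unencrypted, so create it under a
    # restrictive umask; the subshell keeps the umask change local.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
          -keyout "$2" -out "$3" 2>/dev/null )
}

# check_csr DOMAIN KEYFILE CSRFILE: print "ok" and return 0 only if every
# check passes; otherwise print the first failure and return 1.
check_csr() {
    # 1. Self-signature verifies (catches truncated or altered CSRs).
    #    Match on the output: some openssl builds exit 0 even on failure.
    openssl req -in "$3" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "bad signature"; return 1; }

    # 2. Subject CN is the host name the devices will connect to.
    cn=$(openssl req -in "$3" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$1" ] || { echo "CN mismatch"; return 1; }

    # 3. The CSR carries the public half of this private key.
    [ "$(openssl req -in "$3" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ] ||
        { echo "key/CSR mismatch"; return 1; }

    # 4. The key is at least 2048 bits.
    bits=$(openssl req -in "$3" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "key too small"; return 1; }

    # 5. The unencrypted key file is not readable by group or others.
    [ "$(ls -l "$2" | cut -c5-10)" = "------" ] ||
        { echo "key file permissions too open"; return 1; }

    echo ok
}
```

For the domain in this post the calls would be `make_csr mdm.darrylmiles.me yourdomain.key yourdomain.csr` followed by `check_csr` with the same three arguments.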